Improve install with exported options

CMakeLists.txt

@@ -42,7 +42,7 @@ option(BUILD_SMALLBANK "Build SmallBank sample app and clients" ON)
 # Build common library for CCF enclaves
 add_custom_target(ccf ALL)
 
-if("sgx" IN_LIST TARGET)
+if("sgx" IN_LIST COMPILE_TARGETS)
   # enclave version
   add_library(
     ccf.enclave STATIC
@@ -94,7 +94,7 @@ if("sgx" IN_LIST TARGET)
   add_dependencies(ccf ccf.enclave)
 endif()
 
-if("virtual" IN_LIST TARGET)
+if("virtual" IN_LIST COMPILE_TARGETS)
   # virtual version
   add_library(
     ccf.virtual STATIC ${CCF_DIR}/src/enclave/main.cpp

cmake/ccf_app.cmake

@@ -2,8 +2,16 @@
 # Licensed under the Apache 2.0 License.
 
 set(ALLOWED_TARGETS "sgx;virtual")
+
+set(COMPILE_TARGETS
+    "sgx;virtual"
+    CACHE
+      STRING
+      "List of target compilation platforms. Choose from: ${ALLOWED_TARGETS}"
+)
+
 set(IS_VALID_TARGET "FALSE")
-foreach(REQUESTED_TARGET ${TARGET})
+foreach(REQUESTED_TARGET ${COMPILE_TARGETS})
   if(${REQUESTED_TARGET} IN_LIST ALLOWED_TARGETS)
     set(IS_VALID_TARGET "TRUE")
   else()
@@ -17,10 +25,16 @@ endforeach()
 if((NOT ${IS_VALID_TARGET}))
   message(
     FATAL_ERROR
-      "Variable list 'TARGET' must include at least one supported target. Choose from: ${ALLOWED_TARGETS}"
+      "Variable list 'COMPILE_TARGETS' must include at least one supported target. Choose from: ${ALLOWED_TARGETS}"
   )
 endif()
 
+find_package(OpenEnclave 0.8 CONFIG REQUIRED)
+# As well as pulling in openenclave:: targets, this sets variables which can be
+# used for our edge cases (eg - for virtual libraries). These do not follow the
+# standard naming patterns, for example use OE_INCLUDEDIR rather than
+# OpenEnclave_INCLUDE_DIRS
+
 # Sign a built enclave library with oesign
 function(sign_app_library name app_oe_conf_path enclave_sign_key_path)
   if(TARGET ${name})
@@ -100,7 +114,7 @@ function(add_ccf_app name)
 
   add_custom_target(${name} ALL)
 
-  if("sgx" IN_LIST TARGET)
+  if("sgx" IN_LIST COMPILE_TARGETS)
     set(enc_name ${name}.enclave)
 
     add_library(${enc_name} SHARED ${PARSED_ARGS_SRCS})
@@ -125,7 +139,7 @@ function(add_ccf_app name)
     add_dependencies(${name} ${enc_name})
   endif()
 
-  if("virtual" IN_LIST TARGET)
+  if("virtual" IN_LIST COMPILE_TARGETS)
     # Build a virtual enclave, loaded as a shared library without OE
     set(virt_name ${name}.virtual)
 

cmake/common.cmake

@@ -25,29 +25,6 @@ find_package(Threads REQUIRED)
 
 set(PYTHON unbuffer python3)
 
-set(SERVICE_IDENTITY_CURVE_CHOICE
-    "secp384r1"
-    CACHE STRING
-          "One of secp384r1, ed25519, secp256k1_mbedtls, secp256k1_bitcoin"
-)
-if(${SERVICE_IDENTITY_CURVE_CHOICE} STREQUAL "secp384r1")
-  add_definitions(-DSERVICE_IDENTITY_CURVE_CHOICE_SECP384R1)
-  set(DEFAULT_PARTICIPANTS_CURVE "secp384r1")
-elseif(${SERVICE_IDENTITY_CURVE_CHOICE} STREQUAL "ed25519")
-  add_definitions(-DSERVICE_IDENTITY_CURVE_CHOICE_ED25519)
-  set(DEFAULT_PARTICIPANTS_CURVE "ed25519")
-elseif(${SERVICE_IDENTITY_CURVE_CHOICE} STREQUAL "secp256k1_mbedtls")
-  add_definitions(-DSERVICE_IDENTITY_CURVE_CHOICE_SECP256K1_MBEDTLS)
-  set(DEFAULT_PARTICIPANTS_CURVE "secp256k1")
-elseif(${SERVICE_IDENTITY_CURVE_CHOICE} STREQUAL "secp256k1_bitcoin")
-  add_definitions(-DSERVICE_IDENTITY_CURVE_CHOICE_SECP256K1_BITCOIN)
-  set(DEFAULT_PARTICIPANTS_CURVE "secp256k1")
-else()
-  message(
-    FATAL_ERROR "Unsupported curve choice ${SERVICE_IDENTITY_CURVE_CHOICE}"
-  )
-endif()
-
 set(DISTRIBUTE_PERF_TESTS
     ""
     CACHE
@@ -72,22 +49,22 @@ endif()
 option(VERBOSE_LOGGING "Enable verbose logging" OFF)
 set(TEST_HOST_LOGGING_LEVEL "info")
 if(VERBOSE_LOGGING)
-  add_definitions(-DVERBOSE_LOGGING)
+  add_compile_definitions(VERBOSE_LOGGING)
   set(TEST_HOST_LOGGING_LEVEL "debug")
 endif()
 
 option(NO_STRICT_TLS_CIPHERSUITES
        "Disable strict list of valid TLS ciphersuites" OFF
 )
 if(NO_STRICT_TLS_CIPHERSUITES)
-  add_definitions(-DNO_STRICT_TLS_CIPHERSUITES)
+  add_compile_definitions(NO_STRICT_TLS_CIPHERSUITES)
 endif()
 
 option(USE_NULL_ENCRYPTOR "Turn off encryption of ledger updates - debug only"
        OFF
 )
 if(USE_NULL_ENCRYPTOR)
-  add_definitions(-DUSE_NULL_ENCRYPTOR)
+  add_compile_definitions(USE_NULL_ENCRYPTOR)
 endif()
 
 option(SAN "Enable Address and Undefined Behavior Sanitizers" OFF)
@@ -99,12 +76,12 @@ option(DEBUG_CONFIG "Enable non-production options options to aid debugging"
        OFF
 )
 if(DEBUG_CONFIG)
-  add_definitions(-DDEBUG_CONFIG)
+  add_compile_definitions(DEBUG_CONFIG)
 endif()
 
 option(USE_NLJSON_KV_SERIALISER "Use nlohmann JSON as the KV serialiser" OFF)
 if(USE_NLJSON_KV_SERIALISER)
-  add_definitions(-DUSE_NLJSON_KV_SERIALISER)
+  add_compile_definitions(USE_NLJSON_KV_SERIALISER)
 endif()
 
 enable_language(ASM)
@@ -117,21 +94,13 @@ include_directories(
   ${CCF_DIR}/3rdparty/flatbuffers/include
 )
 
-set(TARGET
-    "sgx;virtual"
-    CACHE STRING "One of sgx, virtual, or 'sgx;virtual'"
-)
-
 find_package(MbedTLS REQUIRED)
 
 set(CLIENT_MBEDTLS_INCLUDE_DIR "${MBEDTLS_INCLUDE_DIRS}")
 set(CLIENT_MBEDTLS_LIBRARIES "${MBEDTLS_LIBRARIES}")
 
-find_package(OpenEnclave CONFIG REQUIRED)
-# As well as pulling in openenclave:: targets, this sets variables which can be
-# used for our edge cases (eg - for virtual libraries). These do not follow the
-# standard naming patterns, for example use OE_INCLUDEDIR rather than
-# OpenEnclave_INCLUDE_DIRS
+include(${CMAKE_CURRENT_SOURCE_DIR}/cmake/ccf_app.cmake)
+install(FILES ${CMAKE_CURRENT_SOURCE_DIR}/cmake/ccf_app.cmake DESTINATION cmake)
 
 add_custom_command(
   COMMAND openenclave::oeedger8r ${CCF_DIR}/edl/ccf.edl --trusted --trusted-dir
@@ -143,9 +112,6 @@ add_custom_command(
   COMMENT "Generating code from EDL, and renaming to .cpp"
 )
 
-include(${CMAKE_CURRENT_SOURCE_DIR}/cmake/ccf_app.cmake)
-install(FILES ${CMAKE_CURRENT_SOURCE_DIR}/cmake/ccf_app.cmake DESTINATION cmake)
-
 # Copy utilities from tests directory
 set(CCF_UTILITIES tests.sh keygenerator.sh cimetrics_env.sh
                   upload_pico_metrics.py scurl.sh
@@ -161,7 +127,7 @@ install(PROGRAMS ${CCF_DIR}/tests/scurl.sh ${CCF_DIR}/tests/keygenerator.sh
         DESTINATION bin
 )
 
-if("sgx" IN_LIST TARGET)
+if("sgx" IN_LIST COMPILE_TARGETS)
   # If OE was built with LINK_SGX=1, then we also need to link SGX
   if(OE_SGX)
     message(STATUS "Linking SGX")
@@ -241,7 +207,7 @@ function(add_unit_test name)
   set_property(TEST ${name} APPEND PROPERTY LABELS unit_test)
 endfunction()
 
-if("sgx" IN_LIST TARGET)
+if("sgx" IN_LIST COMPILE_TARGETS)
   # Host Executable
   add_executable(
     cchost ${CCF_DIR}/src/host/main.cpp ${CCF_GENERATED_DIR}/ccf_u.cpp
@@ -269,7 +235,7 @@ if("sgx" IN_LIST TARGET)
   install(TARGETS cchost DESTINATION bin)
 endif()
 
-if("virtual" IN_LIST TARGET)
+if("virtual" IN_LIST COMPILE_TARGETS)
   if(SAN)
     set(SNMALLOC_LIB)
     set(SNMALLOC_CPP)
@@ -470,7 +436,7 @@ function(add_perf_test)
   endif()
 
   set(TESTS_SUFFIX "")
-  if("sgx" IN_LIST TARGET)
+  if("sgx" IN_LIST COMPILE_TARGETS)
     set(TESTS_SUFFIX "${TESTS_SUFFIX}_SGX")
   endif()
   if("raft" STREQUAL ${PARSED_ARGS_CONSENSUS})

cmake/crypto.cmake

@@ -16,7 +16,7 @@ file(GLOB_RECURSE EVERCRYPT_SRC "${EVERCRYPT_PREFIX}/*.[cS]")
 
 # We need two versions of EverCrypt, because it depends on libc
 
-if("sgx" IN_LIST TARGET)
+if("sgx" IN_LIST COMPILE_TARGETS)
   add_library(evercrypt.enclave STATIC ${EVERCRYPT_SRC})
   target_compile_options(
     evercrypt.enclave PRIVATE -Wno-implicit-function-declaration
@@ -53,7 +53,7 @@ set(CCFCRYPTO_SRC ${CCF_DIR}/src/crypto/hash.cpp
 
 set(CCFCRYPTO_INC ${CCF_DIR}/src/crypto/ ${EVERCRYPT_INC})
 
-if("sgx" IN_LIST TARGET)
+if("sgx" IN_LIST COMPILE_TARGETS)
   add_library(ccfcrypto.enclave STATIC ${CCFCRYPTO_SRC})
   target_compile_definitions(
     ccfcrypto.enclave PRIVATE INSIDE_ENCLAVE _LIBCPP_HAS_THREAD_API_PTHREAD

cmake/pbft.cmake

@@ -2,11 +2,11 @@
 # Licensed under the Apache 2.0 License.
 # PBFT
 
-add_definitions(-DSIGN_BATCH)
+add_compile_definitions(SIGN_BATCH)
 set(SIGN_BATCH ON)
 
 if(SAN)
-  add_definitions(-DUSE_STD_MALLOC)
+  add_compile_definitions(USE_STD_MALLOC)
 endif()
 
 set(PBFT_SRC
@@ -54,7 +54,7 @@ set(PBFT_SRC
     ${CMAKE_SOURCE_DIR}/src/consensus/pbft/libbyz/Append_entries.cpp
 )
 
-if("sgx" IN_LIST TARGET)
+if("sgx" IN_LIST COMPILE_TARGETS)
   add_library(libbyz.enclave STATIC ${PBFT_SRC})
   target_compile_options(libbyz.enclave PRIVATE -nostdinc)
   target_compile_definitions(
@@ -76,7 +76,7 @@ endif()
 
 set(CMAKE_EXPORT_COMPILE_COMMANDS ON)
 
-if("virtual" IN_LIST TARGET)
+if("virtual" IN_LIST COMPILE_TARGETS)
 
   add_library(libbyz.host STATIC ${PBFT_SRC})
   target_compile_options(libbyz.host PRIVATE -stdlib=libc++)

cmake/quickjs.cmake

@@ -23,7 +23,7 @@ message(STATUS "QuickJS prefix: ${QUICKJS_PREFIX} version: ${QUICKJS_VERSION}")
 
 # We need two versions of libquickjs, because it depends on libc
 
-if("sgx" IN_LIST TARGET)
+if("sgx" IN_LIST COMPILE_TARGETS)
   add_library(
     quickjs.enclave STATIC ${QUICKJS_SRC} ${CCF_DIR}/3rdparty/stub/stub.c
   )

cmake/secp256k1.cmake

@@ -1,7 +1,7 @@
 # Copyright (c) Microsoft Corporation. All rights reserved.
 # Licensed under the Apache 2.0 License.
 
-if("sgx" IN_LIST TARGET)
+if("sgx" IN_LIST COMPILE_TARGETS)
   add_library(
     secp256k1.enclave STATIC ${CCF_DIR}/3rdparty/secp256k1/src/secp256k1.c
   )

cmake/sss.cmake

@@ -11,7 +11,7 @@ set(SSS_SRC ${SSS_PREFIX}/sss.c ${SSS_PREFIX}/hazmat.c
             ${SSS_PREFIX}/tweetnacl.c
 )
 
-if("sgx" IN_LIST TARGET)
+if("sgx" IN_LIST COMPILE_TARGETS)
   add_library(sss.enclave STATIC ${SSS_SRC})
   set_property(TARGET sss.enclave PROPERTY POSITION_INDEPENDENT_CODE ON)
   install(

samples/apps/smallbank/smallbank.cmake

@@ -14,40 +14,32 @@ sign_app_library(
   ${CCF_DIR}/src/apps/sample_key.pem
 )
 
-if(${SERVICE_IDENTITY_CURVE_CHOICE} STREQUAL "secp256k1_bitcoin")
-  set(SMALL_BANK_SIGNED_VERIFICATION_FILE
-      ${CMAKE_CURRENT_LIST_DIR}/tests/verify_small_bank_50k.json
-  )
-  set(SMALL_BANK_SIGNED_ITERATIONS 50000)
-else()
-  set(SMALL_BANK_SIGNED_VERIFICATION_FILE
-      ${CMAKE_CURRENT_LIST_DIR}/tests/verify_small_bank_2k.json
-  )
-  set(SMALL_BANK_SIGNED_ITERATIONS 2000)
-endif()
+function(get_verification_file iterations output_var)
+  math(EXPR thousand_iterations "${iterations} / 1000")
+  set(proposed_name ${CMAKE_CURRENT_LIST_DIR}/tests/verify_small_bank_${thousand_iterations}k.json)
+  if(NOT EXISTS "${proposed_name}")
+    message(FATAL_ERROR "Could not find verification file for ${iterations} iterations (looking for ${proposed_name})")
+  endif()
+  set(${output_var} ${proposed_name} PARENT_SCOPE)
+endfunction()
+
+set(SMALL_BANK_SIGNED_ITERATIONS 50000)
+get_verification_file(${SMALL_BANK_SIGNED_ITERATIONS} SMALL_BANK_SIGNED_VERIFICATION_FILE)
 
 if(BUILD_TESTS)
   # Small Bank end to end and performance test
   foreach(CONSENSUS ${CONSENSUSES})
 
     if(${CONSENSUS} STREQUAL pbft)
       if(NOT CMAKE_BUILD_TYPE STREQUAL "Debug")
-        set(SMALL_BANK_VERIFICATION_FILE
-            ${CMAKE_CURRENT_LIST_DIR}/tests/verify_small_bank_50k.json
-        )
         set(SMALL_BANK_ITERATIONS 50000)
       else()
-        set(SMALL_BANK_VERIFICATION_FILE
-            ${CMAKE_CURRENT_LIST_DIR}/tests/verify_small_bank_2k.json
-        )
         set(SMALL_BANK_ITERATIONS 2000)
       endif()
     else()
-      set(SMALL_BANK_VERIFICATION_FILE
-          ${CMAKE_CURRENT_LIST_DIR}/tests/verify_small_bank.json
-      )
       set(SMALL_BANK_ITERATIONS 200000)
     endif()
+    get_verification_file(${SMALL_BANK_ITERATIONS} SMALL_BANK_VERIFICATION_FILE)
 
     add_perf_test(
       NAME small_bank_client_test_${CONSENSUS}
@@ -101,6 +93,8 @@ if(BUILD_TESTS)
       backups
       --sign
       --participants-curve
-      "secp256k1"
+      "secp256k1
+   "
   )
+
 endif()

sphinx/source/quickstart/build.rst

@@ -44,11 +44,9 @@ The full list of build switches can be obtained by running:
 * **BUILD_TESTS**: Boolean. Build all tests for CCF. Default to ON.
 * **BUILD_SMALLBANK**: Boolean. Build SmallBank performance benchmark. Default to OFF.
 * **CLIENT_MBEDTLS_PREFIX**: Path. Prefix to mbedtls install to be used by test clients. Default to ``/usr/local``.
-* **SERVICE_IDENTITY_CURVE_CHOICE**: String, one of ``secp384r1``, ``secp256k1_mbedtls``, ``secp256k1_bitcoin``. Elliptic curve to use for CCF network and node identities. Defaults to ``secp384r1``.
 * **NO_STRICT_TLS_CIPHERSUITES**: Boolean. Relax the list of accepted TLS ciphersuites. Default to OFF.
-* **OpenEnclave_DIR**: Path. Open Enclave install directory. Default to ``/opt/openenclave/lib/openenclave/cmake``.
 * **SAN**: Boolean. Build unit tests with Address and Undefined behaviour sanitizers enabled. Default to OFF.
-* **TARGET**: String, one of ``sgx``, ``virtual``, or ``sgx;virtual``. Defaults to ``sgx;virtual``, which builds both "virtual" enclaves and actual SGX enclaves.
+* **COMPILE_TARGETS**: String. List of target compilation platforms. Defaults to ``sgx;virtual``, which builds both "virtual" enclaves and actual SGX enclaves.
 * **VERBOSE_LOGGING**: Boolean. Enable all logging levels. Default to OFF.
 
 Running Tests

src/tls/curve.h

@@ -21,19 +21,7 @@ namespace tls
     secp256k1_mbedtls = 3,
     secp256k1_bitcoin = 4,
 
-#if SERVICE_IDENTITY_CURVE_CHOICE_SECP384R1
     service_identity_curve_choice = secp384r1,
-#elif SERVICE_IDENTITY_CURVE_CHOICE_ED25519
-    service_identity_curve_choice = ed25519,
-#elif SERVICE_IDENTITY_CURVE_CHOICE_SECP256K1_MBEDTLS
-    service_identity_curve_choice = secp256k1_mbedtls,
-#elif SERVICE_IDENTITY_CURVE_CHOICE_SECP256K1_BITCOIN
-    service_identity_curve_choice = secp256k1_bitcoin,
-#else
-#  pragma message( \
-    "No service identity curve specified - defaulting to secp384r1")
-    service_identity_curve_choice = secp384r1,
-#endif
   };
 
   // 2 implementations of secp256k1 are available - mbedtls and bitcoin. Either